Pankaj Jairath's BlogBlog for pjjairathhttps://blogs.oracle.com/pjjairath/feed/entries/atom2010-03-05T01:15:25+00:00Apache Rollerhttps://blogs.oracle.com/pjjairath/entry/latest_drop_for_http_loadLatest drop for HTTP Load Balancerpankajjairath 2007-05-17T03:23:41+00:002007-05-17T10:23:41+00:00
<p><li>GlassFish V2 HTTP Load Blancer has a new drop, aslb-MS4-b3.jar, with couple of bug fixes and revamped installation directory structure. It's accessible at the following location(s)</p>
<p> http://download.java.net/javaee5/external/&lt;OS&gt;/aslb/jars/aslb-9.1-MS4-b3.jar </p>
<p>where : &lt;OS&gt; represents the platform and has the following values - SunOS, SunOS_X86, Linux and WINNT.</li></p>
<p><li>For the benefit of absolute URL's, following are the links to platform specific <code>aslb-MS4-b3.jar</code> drops :<br/>
<a href="http://download.java.net/javaee5/external/SunOS/aslb/jars/aslb-9.1-MS4-b3.jar">SunOS</a></ul><br/>
<a href="http://download.java.net/javaee5/external/SunOS_X86/aslb/jars/aslb-9.1-MS4-b3.jar">SunOS_X86</a></ul><br/>
<a href="http://download.java.net/javaee5/external/Linux/aslb/jars/aslb-9.1-MS4-b3.jar">Linux</a></ul><br/>
<a href="http://download.java.net/javaee5/external/WINNT/aslb/jars/aslb-9.1-MS4-b3.jar">WINNT<a></ul><br/>
</li></p>
https://blogs.oracle.com/pjjairath/entry/ssl_setup_for_webserver_7Configuring WebServer 7.0 for GlassFish DAS Based Administration of HTTP Load Balancerpankajjairath 2007-03-16T07:19:42+00:002007-03-16T15:19:42+00:00
<p>SJSWS 7.0 uses Network Security Services (NSS) to manage security database that stores the keys and certificates. <a href="https://glassfish.dev.java.net/">GlassFish</a> (V2) beta ,on the server side, uses Java Keystore (JKS) to manage it's security database. <br/>
GlassFish HTTP Load Balancer's advanced administration support, requires SSL setup between the WebServer and the Domain Administration Server (DAS). To set this up requires exporting and importing DAS certificate from the JKS system into the WebServer's NSS based one.</p>
<p>The under mentioned details enlist the steps that an administrator can use to configure this.</p>
<p><ul><H2><li>Configure GlassFish HTTP Load Balancer on WebServer 7.0 to accept DAS as a trusted client.</H2></li></ul><ol></p>
<p><li>Create a new HTTP listener and enable it for SSL. While doing so attach the default server certificate available with SJSWS 7.0 installation. For ease you can do this by using the WebServer's GUI based administration console.</li></p>
<p><li>Use the JavaSE 5.0 security tool <a href="http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html">keytool</a> for exporting the DAS certificate, named with alais <code>“s1as”</code>. While doing so select the <code>-rfc</code> option to export the certificate in printable encoding format, as defined by the <a href="http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#EncodeCertificate">Internet RFC 1421 standard.</a>.</p>
<p>In its printable encoding format, the encoded certificate is bounded at the beginning by:</p>
<p><code>-----BEGIN CERTIFICATE-----<br/>
and at the end by<br/>
-----END CERTIFICATE-----</code></p>
<p>Command (Solaris / Linux)<br/>
&lt;JAVA_HOME&gt;/bin/keytool -export -rfc -alias s1as -keystore &lt;GLASSFISH_HOME&gt;/domains/&lt;DOMAIN_NAME&gt;/config/keystore.jks -file s1as.rfc</p>
<p>where:<br/>
&lt;GLASSFISH_HOME&gt; is the installation directory for GlassFish application server<br/>
&lt;DOMAIN_NAME&gt; refers to the GlassFish domain, DAS, whose certificate is being exported. Also Note this takes into assumption that cluster profile is choosen for this created domain.</li></p>
<p><li>Use the NSS security tool <code>certutil</code> to import the DAS certificate from the <code>rfc</code> file created.</p>
<p>&lt;WS_INSTALL_ROOT&gt;/bin/certutil -A -a -n s1as -t "TC" -i s1as.rfc -d &lt;WS_INSTALL_ROOT&gt;/admin-server/config-store/&lt;DEFAULT_CONFIG_NAME&gt;/config<br/>
where, &lt;WS_INSTALL_ROOT&gt; refers to the SJSWS 7.0 installation directory and<br/>
&lt;DEFAULT_CONFIG_NAME&gt; refers to the config name created for the default WebServer <br/>
instance.</p>
<p>You can check the presence of this certificate by using the following command, which would list s1as certificate along with other CA certificates including the default server certificate :<br/>
&lt;WS_INSTALL_ROOT&gt;/bin/certutil -L -d &lt;WS_INSTALL_ROOT&gt;/admin-server/config-store/&lt;DEFAULT_CONFIG_NAME&gt;/config</p>
<p>You can also use the SJSWS 7.0 GUI admin console to view this. Select the configuration to which the certificate has been imported to, in our case the default config, and then select the <code>Certificates</code> tab. You can now look at all the certificates available by selecting the <code>Certificate Authorities</code> sub tab. Following is screen shot for this :</p>
<p><img src=" http://blogs.sun.com/pjjairath/resource/ws7-cert-image3.jpeg"/></p>
<p>Following screen shot relates to the information on the imported DAS certificate nicknamed <code>s1as</code>:</p>
<p><img src=" http://blogs.sun.com/pjjairath/resource/ws7-cert-image2.JPG"/></li><br/>
</ol></p>
<p><ul><H2><li>Configuration changes to WebServer 7.0</H2></li></ul><ol><br/>
<li>Append the following directives to obj.conf file :<br/>
&lt;WS_INTSTALL_ROOT&gt;/admin-server/config-store/&lt;DEFAULT_CONFIG_NAME&gt;/config/obj.conf</p>
<p><code>&lt;Object ppath="\*lbconfigupdate\*"&gt;<br/>
PathCheck fn="get-client-cert" dorequest="1" require="1"<br/>
&lt;Object&gt;</code></p>
<p><code>&lt;Object ppath="\*lbgetmonitordata\*"&gt;<br/>
PathCheck fn="get-client-cert" dorequest="1" require="1"<br/>
&lt;/Object&gt;</code></li></ol><br/>
<ul><H2><li>Deploy the configuration<H2></li></ul><ol><br/>
<li>While doing the changes enlisted above, the admin console would mark this configuration to be deployed. Select the icon for “Deployment Pending”.<br/>
This can also be done by executing the <code>deploy-config</code> WebServer command from WebServer's <code>wadm</code> CLI utility.</p>
<p>&gt;WS_INSTALL_ROOT&gt;/bin/wadm deploy-config –user=&lt;admin&gt; &lt;DEFAULT_CONFIG_NAME&gt;<br/>
where, &lt;admin&gt; is the admin user name.</li></ol><br/>
<br/></p>
<p><ul><H2><li>Test the SSL connection<H2></li></ul><ol><br/>
<li>Test this setup from GlassFish Domain Administration Server (DAS), to communicate over SSL with this configured GlassFish HTTP Load Balancer.<br/>
Following is the screen shot for this “Test Connection” :<br/>
<img src=" http://blogs.sun.com/pjjairath/resource/as9-image4.jpeg"/></li><br/>
</ol></p>
https://blogs.oracle.com/pjjairath/entry/installing_and_configuring_glassfish_httpInstalling and Configuring GlassFish HTTP Load Balancerpankajjairath 2007-03-08T07:51:01+00:002007-03-09T08:17:40+00:00
<p>GlassFish V2, the latest Java EE 5 Application Server from <a href="https://glassfish.dev.java.net/">GlassFish</a> provides high availability features which include Load Balancing and Clustering. GlassFish V2 provides HTTP Load Balancer which is not bundled as part of the it's <a href="https://glassfish.dev.java.net/public/downloadsindex.html">download</a>. One can however explicitly download this component. </p>
<p>Sun Java System WebServer is the supported WebServer for the HTTP Load Balancer. This blog provides the mannual steps to install and configure the GlassFish HTTP Load Balancer and these details relate to Sun Java System WebServer 7.0 - the latest WebServer offering from Sun. </p>
<p><H1>Installing Load Balancer on SJSWS 7.0 under default installation setup of SJSWS 7.0</H1><br/>
<ul><H2><li>Installing SJSWS 7.0</li></H2><br/>
</ul><ol><br/>
<li>Download and install the SJSWS 7.0, <a href="http://www.sun.com/download/products.xml?id=45ad781d">download</a></li></p>
<p><li>Create the following directories: <br/>
&lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/bin <br/>
&lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/resource <br/>
&lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/errorpages <br/>
where,<br/>
&lt;WS_INSTALL_ROOT&gt; is SJSWS 7.0 installation directory.</li></p>
<p><li>Start the admin server by executing &lt;WS_INSTALL_ROOT&gt;/admin-server/bin/startserv.</li><br/>
</ol><ul><br/>
<H2><li>Installing and setting up GlassFish Load Balancer</li></H2><br/>
</ul><ol><br/>
<li>Download aslb (GlassFish Load Balancer component) from the link: <br/>
<a href="http://download.java.net/javaee5/external/SunOS/aslb/jars/aslb-9.1-MS4-b1.jar">http://download.java.net/javaee5/external/SunOS/aslb/jars/aslb-9.1-MS4-b1.jar</a><br/>
where, SunOS literal relates to the Solaris Sparc based operating system platform. For other platforms the values can be - SunOS_X86, Linux and WINNT.</li></p>
<p><li>Unjar to install into GlassFish installation, where &lt;GLASSFISH_HOME&gt; identifies the GlassFish installation directory.<br/>
<ul><br/>
<li>Create &lt;GLASSFISH_HOME&gt;/lib/lbplugin.</li><br/>
<li>Unjar aslb-9.1-MS4-b1.jar file in &lt;GLASSFISH_HOME&gt;/lib/lbplugin.</li><br/>
<li>There are 2 zip files bundled inside the aslb jar: SUNWaslb.zip, SUNWaspx.zip, unzip these 2 zip files in the same directory and delete the zip files.</li><br/>
<li>Change permissions on all shared libraries of lbplugin as below <br/>
chmod -R 755 &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib</li><br/>
</ul><br/>
<li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/webserver-plugin/&lt;OS&gt;/iws61/libpassthrough.so to <br/>
&lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/bin/. <br/>
Where &lt;OS&gt; refers to solaris' for the Solaris platform.,'linux' for the Linux platform and 'windows' for the Windows platform.</li></p>
<p><li>Add execute permission to &lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/bin/libpassthrough.so.</li></p>
<p><li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/webserver-plugin/&lt;OS&gt;/iws61/errorpages/default-error.html to &lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/errorpages/.</li></p>
<p><li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/webserver-plugin/&lt;OS&gt;/iws61/errorpages/sun-http-lberror.html to <br/>
&lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/errorpages/.</li></p>
<p><li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/webserver-plugin/&lt;OS&gt;/iws61/\*.res to &lt;WS_INSTALL_ROOT&gt;/plugins/lbplugin/resource/.</li></p>
<p><b>Following steps relate to updating the default SJSWS 7.0 instance configuration with Load Balancer specific configuration. While doing so, these changes need to be made to the central repository maintained by the admin server for the default WebServer instance created upon installation. This repository is identified by &lt;WS_INSTALL_ROOT&gt;/admin-server/config-store/&lt;default-config-name&gt;/config/. Where, &lt;default-config-name&gt; is the config name created for the default WebServer instance created.</b></p>
<p><li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/install/templates/loadbalancer.xml.example to &lt;WS_INSTALL_ROOT&gt;/admin-server/config-store/&lt;default-config&gt;/config/</li> <br/>
<ul><br/>
<li> This is just an example for notational purpose, the user should manually edit (if choosen to do this way) this file prior to using this as loadbalancer.xml, to reflect the correct cluster configuration. Refer to <a href="https://glassfish.dev.java.net/javaee5/build/GlassFish_LB_Cluster.html#config_lb">Configuring the Load Balancer Plugin</a> for this.Note manual editing it not the endorsed way to configure the Load Balancer. GlassFish Admin CLI or GUI are the two supported approaches for generating this file, while providing for error free load balancer configuration generation.</li><br/>
</ul><br/>
<li>Copy &lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib/dtds/sun-loadbalancer_1_2.dtd to &lt;<br/>
&lt;WS_INSTALL_ROOT&gt;/admin-server/config-store/&lt;default-config&gt;/config/</li></p>
<p><li>Prepend the under mentioned <code>“##EE”</code> lines to &lt;WS_INSTALL_ROOT&gt;/admin-server/&lt;default-config-name&gt;/config/magnus.conf before the following “Init” directive - </p>
<p> <code>Init fn="load-modules" shlib="libj2eeplugin.so" shlib_flags="(global|now)"</code></p>
<p> <code>##BEGIN EE LB Plugin Parameters<br/>
Init fn="load-modules" shlib="${WS_INSTALL_ROOT}/plugins/lbplugin/bin/libpassthrough.so"<br/>
funcs="init-passthrough,service-passthrough,name-trans-passthrough" Thread="no"<br/>
Init fn="init-passthrough"<br/>
##END EE LB Plugin Parameters</code></p>
<p><li>Insert the under mentioned line before the first occurrence of the <code>"NameTrans"</code> directive in &lt;WS_INSTALL_ROOT&gt;/admin-server/&lt;default-config-name&gt;/config/obj.conf</p>
<p> <code>NameTrans fn="name-trans-passthrough" name="lbplugin" config-file="loadbalancer.xml"</code></p>
<p><li>Append the following lines to &lt;WS_INSTALL_ROOT&gt;/admin-server/&lt;default-config-name&gt;/config/obj.conf </p>
<p> <code>&lt;Object name="lbplugin"&gt; <br/>
ObjectType fn="force-type" type="magnus-internal/lbplugin"<br/>
PathCheck fn="deny-existence" path="\*/WEB-INF/\*"<br/>
Service type="magnus-internal/lbplugin" fn="service-passthrough"<br/>
Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"<br/>
&lt;/Object&gt;</code></p>
<p><li>Deploy the configuration to the default WebServer instance created by executing the <code>deploy-config</code> WebServer command from WebServer's <code>wadm</code> CLI utility.</p>
<p> &lt;WS_INSTALL_ROOT&gt;/bin/wadm deploy-config –user=&lt;admin&gt; &lt;default-config-name&gt;<br/>
where, &lt;admin&gt; is the admin user name.</li></p>
<p><li>Update the default WebServer instance startserv script by suffixing the following to <code>LD_LIBRARY_PATH</code>,<br/>
&lt;GLASSFISH_HOME&gt;/lib/lbplugin/lib. You can also get this done by setting the environment variable <code>$LD_LIBRARY_PATH</code> to this value</li>.</p>
<p><li>Start the default WebServer instance by executing the <code>start-instance</code> WebServer command from the WebServer <code>wadm </code> CLI utility</p>
<p>&lt;WS_INSTALL_ROOT&gt;/bin/wadm start-instance --user=&lt;admin&gt; --config=&lt;default-config-name&gt;<br/>
</li><br/>
<ul><br/>
<li>NOTE: <br/>
Step 11, takes into account existence of loadbalancer.xml, if this file is not present the Load Balancer would log a message that the file could not be found. Refer to the Administration support from GlassFish CLI and Admin GUI to create and export this file from Domain Administration Server to the WebServer. <br/>
</ul></p>